If you keep screenshots of login credentials or cryptocurrency seed phrases—or any sensitive content, really—in your phone’s photo gallery, you should go through and remove them. A spyware campaign targeting images is spreading through apps found on the Apple App and Google Play stores as well as third-party sources.
Identified by Kaspersky and reported by Bleeping Computer, SparkKitty malware gains access to photo galleries on iOS and Android, allowing it to exfiltrate images or data contained within them, possibly with the goal of stealing victims’ crypto assets as well as other compromising information.
SparkKitty steals images and screenshots
If SparkKitty infects your iOS device, it requests permission to access your photo gallery; if you grant it, the program can monitor for and exfiltrate new images. On Android, SparkKitty requests storage permissions so that it can access images and upload them along with device identifiers and metadata. It may also use Google ML Kit’s optical character recognition (OCR) to specifically target images like screenshots that contain text.
SparkKitty spreads through malicious apps that have been found (and subsequently removed) on the Apple App Store and Google Play Store. Kaspersky also discovered the malware in TikTok clones—distributed via unofficial platforms—that embed various fake apps, including cryptocurrency stores and gambling and casino apps.
SparkKitty may be an iteration of SparkCat, a photo-scanning malware that was first identified earlier this year but had likely been circulating for some time. While SparkCat specifically targeted crypto wallets using OCR to identify text keywords, SparkKitty appears to indiscriminately steal images from compromised galleries. Since some SparkKitty delivery vectors have been crypto-themed, Kaspersky researchers believe crypto theft is still the primary goal, though the possibility of other sensitive content being used maliciously—extortion, for example—remains.
What you need to do
iOS and Android users can take steps both to minimize or protect the sensitive data stored on their devices and to limit the risk of falling victim to spyware like SparkKitty in the first place.
You should also exercise caution when downloading apps to your device, whether from the Google Play and Apple App stores or unofficial sources. Unfortunately, you can’t trust everything you find even on vetted platforms. Look for red flags: Check the developer’s history and scrutinize reviews, especially if there are a lot of glowing reviews relative to the number of downloads. Be wary of requests to access your photo gallery, especially if those permissions aren’t related to the app’s functionality. In fact, you should pay close attention to permissions requested any time you install a new app—don’t just blindly allow them.
Finally, ensure Google Play Protect, which has live threat detection, is active on Android, and keep an eye out for warning signs of a malware infection on your device.
Jake Peterson